On Sat, Jan 25, 2003 at 03:51:59AM -0800, Uwe Dippel wrote: > The subject says it. > Strange behaviour and no clue here why. > A server floods random (??) IP-addresses with udp-packets from iad1 to > 1434 (msql), overflowing the external router,yadayadayada. DoS, in > short. > Anyone seen this before ?? > > Uwe > > __________________________________________________ > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > http://mailplus.yahoo.com > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > Yes, our colocation facility was severely crippled by this worm from about 8pm Friday, the 24th until about 2pm today (PST). You can see here on the mrtg graphs the extent of the congestion it caused. http://oak-mrtg.inreach.com/oak/colo/005/209.209.25.185.4.html I could login to my machines there, but I couldn't run any commands whatsoever from them. A simple ps -fe would hang the session. -- Eric Nelson <enat_private> GPG-key: C4AB5707 http://www.megahosted.com/~en/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Jan 26 2003 - 20:17:36 PST